The WP Activity Log tool for WordPress is at risk for a type of cyber attack called Stored Cross-Site Scripting. This can happen because the plugin does not properly clean and protect information that is entered by users. As a result, hackers could add harmful code to pages that will run when an admin opens the page.